Add or Replace a Signed Certificate for the Conductor UI
- Versions
- v2.2.8 and later Conductors
By default, the Conductor comes with a Tempered factory-installed certificate. You can add your own custom certificate to prevent the “Your connection is not private” messages received on some browsers. A custom signed certificate is used by the Conductor for the SSL connection.
Important: For Conductors in HA environments, both Conductors must not be HA paired to upload and install custom certificates. Follow the steps for each Conductor. Once complete, HA pair the Conductors.
Before you Begin
Before you can upload or replace a signed certificate, you need to have a CA certificate chain installed so that the Conductor can verify the certificates. For more information, see Install a Custom CA Certificate Chain.
Step 1: Request and copy a CSR (Certificate Signing Request) for the Conductor
Once you’ve installed CA certificates (see Install a Custom CA Certificate Chain), you can generate a Certificate Signing Request (CSR) to create a certificate (for example, with a PKI Registration Authority):
-
In Conductor
Settings, under Airwall Conductor
Identity, click Actions, and then select
Create certificate or Replace
certificate.
-
Under Distinguished Name, enter the Identity
(Distinguished Name) of the Conductor.
If you’re replacing a certificate, you can leave the Distinguished name the
same. For example,
/C=US/O=Tempered/OU=Dev/CN=cond.example.com
- Under CSR, select either Copy or Download to generate and get the CSR you need to get a signed certificate. (In versions 2.2.5 and earlier, select and copy the CSR.)
- Select Save.
Step 2: Get a signed certificate
Use the CSR to request a new signed certificate. You can generate a new signed certificate using your organization’s own process, or with a public PKI Registration Authority.
- Submit the Certificate Signing Request (CSR) you copied or downloaded to your Enterprise PKI Registration Authority. They use it to create your certificates.
- When you get the certificates, download or copy them.
Step 3: Upload the signed certificate to the Conductor
- In Conductor Settings, under General settings, scroll down to Airwall Conductor Identity, and select Edit.
-
Under Signed Certificate, paste the custom-CA signed
certificate to install the certificate on the Conductor.
- Select Save.
- Refresh your browser window to apply the new certificate.